exploitDog

CVE-2025-67077

Опубликовано: 15 янв. 2026

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

Ссылки

https://www.agora-project.net
Product
https://www.helx.io/blog/advisory-agora-project/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:agora-project:agora-project:*:*:*:*:*:*:*:*

Версия до 25.10 (исключая)

EPSS

Процентиль: 15%

0.00047

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-5c4g-2g7f-vp3x

CVSS3: 6.5

github

23 дня назад

File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action.

EPSS

Процентиль: 15%

0.00047

Низкий

8.8 High

CVSS3

Дефекты

CWE-434